Welcome to SecureDrop’s documentation!

SecureDrop is an open-source whistleblower submission system that media organizations can use to securely accept documents from and communicate with anonymous sources.

User Guides

• Source Guide
  • Choose who to submit to
  • Get the Tor Browser
  • Making your First Submission
  • Continuing the Conversation
• Journalist Guide
  • Workflow
  • Create GPG key for the journalist
  • Connect to the Journalist Interface
  • Move Documents to the Secure Viewing Station
  • Decrypt and work on the Secure Viewing Station
  • Interact With Sources
  • Work with Documents
  • Encrypt and move documents to Journalist Workstation
  • Decrypt and prepare to publish
• Administrator Guide
  • Responsibilities
  • Adding Users
  • Updating the Servers
• Passphrase Best Practices
  • General Best Practices
  • For Sources
  • For Journalists/Administrators

Install SecureDrop

• Overview
  • Technical Summary
  • Infrastructure
  • Operation
• Terminology
  • Source
  • Journalist
  • Application Server
  • Monitor Server
  • Source Interface
  • Journalist Interface
  • Journalist Workstation
  • Admin Workstation
  • Secure Viewing Station
  • Two-Factor Authenticator
  • Transfer Device
• Passphrases
  • Admin
  • Journalist
• Hardware
  • Hardware Overview
  • Required Hardware
  • Optional Hardware
  • Specific Hardware Recommendations
• Before you begin
• Create Tails USBs
  • Install Tails
  • Enable Persistent Storage
• Set up the Secure Viewing Station
• Set up the Transfer Device
  • Select DVDs or USBs
  • USB Transfer Device Configuration
• Generate the SecureDrop Submission Key
  • Ensure Filenames are Preserved
  • Correct the system time
  • Create the key
  • Export the public key
• Set up the Admin Workstation
  • Start Tails with Persistence Enabled
  • Download the SecureDrop repository
  • Create the Admin Passphrase Database
• Set up the Network Firewall
  • Before you begin
  • Initial Configuration
  • Disable DHCP on the LAN
  • SecureDrop Configuration
  • Tips for setting up pfSense Firewall Rules
  • Keeping pfSense up to date
• Set up the Servers
  • Install Ubuntu
  • Test Connectivity
  • Set up SSH keys
  • Minor Admin Tasks
• Install SecureDrop
  • Install Prerequisites
  • Configure the Installation
  • Install SecureDrop Servers
• Configure the Admin Workstation Post-Install
  • Auto-connect to the Authenticated Tor Hidden Services
  • Set up two-factor authentication for the Admin
• Create an admin account on the Journalist Interface
• Test the Installation
  • Test connectivity
  • Sanity-check the install
  • Test the web interfaces
• Onboard Journalists
  • Determine access protocol for the Secure Viewing Station
  • Create a Journalist Tails USB
  • Set up automatic access to the Journalist Interface
  • Add an account on the Journalist Interface
  • Verify Journalist Setup

Checklists

• Pre-Install Hardware Checklist

Topic Guides

• SecureDrop Deployment Best Practices
  • Landing Page
  • Minimum requirements for the SecureDrop environment
  • Suggested
  • Whole Site Changes
• Promoting your SecureDrop Instance
  • High Profile Announcement
  • Provide a clear link on your homepage
  • Provide Links at the Bottom of Your Articles
  • Make an instructional video on how to access and use your SecureDrop
  • Regularly share your SecureDrop landing page on social media
  • Target potential whistleblowers with advertising
  • Put an advertisement in your physical paper
• What Makes SecureDrop Unique
  • No third parties that can secretly be subpoenaed
  • Limits the metadata trail as much as possible
  • Encrypted and air-gapped
  • Protecting against hackers
  • Free and open source software
• Google Authenticator
  • iOS
  • Android
• Useful Logs
  • Both servers
  • Application Server
  • Monitor Server
• OSSEC Guide
  • Setting up OSSEC alerts
  • Troubleshooting
  • Analyzing the Alerts
• Tails Guide
  • Installing Tails on USB sticks
  • Configure Tails for use with SecureDrop
• Setting up a Printer in Tails
  • Installing and Printing via the Tails GUI
  • Troubleshooting
  • Printing from the Command Line
• HTTPS on the Source Interface
  • Obtaining an HTTPS certificate for Onion URLs
  • Activating HTTPS in SecureDrop
• SecureDrop On-Site Training Schedule
  • Day 1: Preparation and Install
  • Day 2: Journalist and Admin Training
• Using YubiKey with the Journalist Interface
  • Download the YubiKey personalization tool
  • Set up OATH-HOTP
  • Set up a user with the OATH-HOTP secret key
• Backup and Restore SecureDrop
  • Minimizing disk space
  • Backing Up
  • Restoring
• Backup the Workstations
  • What you need
  • Preparing the Backup Device

Upgrade SecureDrop

• Upgrade from 0.3.x to 0.4.x
  • Pull the latest release
  • Upgrade the Tails Persistence Configuration
  • Verify the Upgrades
• Upgrade Tails from 1.x to 2.x
  • Upgrade each Tails device
  • Finishing up
  • Troubleshooting
• Upgrade Tails from 2.x to 3.x
  • Why you should upgrade
  • What you need
  • 1. Prepare the master Tails USB
  • 2. Backup the Tails drives
  • 3. Upgrade the Tails drives
  • 4. Upgrade KeePassX Database
  • 5. Upgrade Secure Viewing Stations
  • 6. Upgrade SecureDrop to 0.4.x
  • If you encounter issues

Developer Documentation

• Getting Started
  • Prerequisites
  • Clone the repository
• Virtual Environments
  • Development
  • Staging
  • Production
• Contributing Guidelines
  • Branching Strategy
  • Automated Testing
  • Code Style
  • Git History
  • Privileges
  • Other Tips
• Tips & Tricks
  • Using Tor Browser with the development environment
  • Upgrading or Adding Python Dependencies
  • Connecting to VMs via SSH over Tor
  • Architecture Diagrams
• Internationalization (i18n)
  • The manage.py translate helper
  • Updating strings to be translated
  • Compiling translations
  • Verifying translations
  • Merging translations
• Getting Started with Weblate Translations
  • Who uses SecureDrop?
  • Register for Weblate
  • Choose a language
  • Translate a phrase
  • Glossary
  • Weblate glossary
  • Getting help
  • Frequently Asked Questions
• Documentation Guidelines
  • Testing documentation changes
  • Integration with Read the Docs
  • Style Guide
• Testing SecureDrop
• Testing: Application Tests
  • Installation
  • Running the application tests
  • Updating the application tests
• Testing: Configuration Tests
  • Installation
  • Running the config tests
  • Updating the config tests
  • Config test layout
  • Config testing strategy
• Testing: CI
  • Travis tests
  • CI test layout
  • Running the CI staging environment
• SecureDrop apt repository
• Updating OSSEC Rules
  • Alerting Strategy
  • Using ossec-logtest
  • Writing Automated Tests for OSSEC Rules
  • Deployment
• Generating AppArmor profiles for Tor and Apache
• Threat Model
  • Assumptions
  • Attack Scenarios